
The Open Web Application Security Project (OWASP) is an initiative to track and report on the most prevalent and most dangerous web application exploits. This course follows a 'Defense-In-Depth' strategy of assessing each layer of your .NET web application and applying the OWASP Top 10 principles to mitigate these threats. This course is one of a series in the SkillSoft learning path that covers the OWASP Top 10.

Learning Objectives
  • Start the course
  • Recognize how error message handling can be exploited and how to deal with this
  • Recognize how to encrypt relevant sections of the .NET configuration files
  • Recognize how to handle security when using NuGet packages
  • Describe when and how to use encryption in .NET
  • Recognize how asymmetric encryption works in .NET
  • Describe how to mitigate against command injection at the base .NET Framework level
  • Describe SQL Injection and how to mitigate against it
  • Identify the SQL Server authentication models
  • Identify mitigations to Insecure Direct Object Reference at the database level
  • Describe password hashing and its application
  • Describe how inadequately releasing types can lead to Denial of Service
  • Describe CORS Preflight requests and how to secure them in ASP.NET Web API
  • Recognize where and how to implement authorization in ASP.NET Web API
  • Recognize where and how to implement authorization in WCF
  • Identify the authentication types in web-hosted .NET projects and configure them in IIS and in configuration files
  • Recognize the impacts of various web.config file settings
  • Describe SSL/HTTPS security
  • Describe how to mitigate web parameter tampering in ASP.NET MVC and JavaScript
  • Describe JavaScript behaviors that can lead to security breaches and how to mitigate against them
  • Describe how to appropriately encode output into a page to avoid script injection, XSS, and other exploits
  • Recognize how the built-in validation capabilities in ASP.NET and ASP.NET MVC protect against attacks
  • Describe how session state works in ASP.NET and ASP.NET MVC
  • Implement password policies in ASP.NET and ASP.NET MVC
  • Describe multi-factor authentication and how it can be implemented in ASP.NET MVC
  • List appropriate approaches to capturing, storing, validating, and resetting user passwords
  • Describe the HttpOnly Cookie Flag and how to apply it in ASP.NET and ASP.NET MVC
  • Use the Microsoft Anti-Cross Site Scripting Library
  • Implement authorization in ASP.NET MVC
  • Allow your users to authenticate against external login providers like Microsoft, Twitter, Facebook and Google
  • Identify mitigations for OWASP Top 10 violations in a given scenario
OWASP Mitigations for .NET Online course
  • Duration: 206 minutes